Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

ACS 3.0(2) on member 2003 server 1326L Error

I've got an older version of ACS 3.0(2) that I'm trying to install on a member Windows 2003 server. I've configured it to use the WindowsNT/2000 database. The groups get enumerated from AD however I'm getting some errors

The ACS Failed login attempts reports:

External DB user invalid or bad passsword.

I turned the logging up, and see this in the Auth log file:

External DB [NTAuthenDLL.dll]: Starting authentication for user [ctitech]

External DB [NTAuthenDLL.dll]: Attempting NT/2000 authentication

External DB [NTAuthenDLL.dll]: NT/2000 authentication FAILED (error 1326L)

On the controller I see:

Event Type: Failure Audit

Event Source: Security

Event Category: Account Logon

Event ID: 680

Date: 11/29/2005

Time: 2:36:42 PM

User: NT AUTHORITY\SYSTEM

Computer: PDC-NS1

Description:

Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: ctitech

Source Workstation: CISCO

Error Code: 0xC000006A

I looked that error code up and it means invalid password, however I'm verified the username and password are correct and have tried other accounts. So I’m thinking the ACS is trying to authenticate with the controller using an unsupported authentication method. Anyone know what, if any GPO setting could cause this, specifically LAN Manager Auth or digitally signing?

Thanks in advance,

Simon

2 REPLIES
Silver

Re: ACS 3.0(2) on member 2003 server 1326L Error

Hi

What AAA protocol are you using PAP or MSCHAP.. or some form of EAP?

Mismatched shared secret will break PAP.

If its MSCHAP and windows says 1326L then thats what it most likely will be.

Community Member

Re: ACS 3.0(2) on member 2003 server 1326L Error

I think I've corrected the problem. Was the strangest thing. I was interfacing with the admin pages using Firefox and apparently, even though I typed the same secret key, ff was encrypting the key wrong. I viewed the same page in IE and got bizzar I think I've corrected the problem. It’s the strangest thing. I was interfacing with the admin pages using Firefox and apparently, even though I typed the same secret key, ff was encrypting the key wrong. I viewed the same page in IE and saw bizarre characters in the key field. Retyped it and the error went away.

I had switched to using generic LDAP because I was seeing this same problem using WindowsNT/2000. I switched back to WindowsNT/2000 and am no longer seeing the problem their either. However, I am seeing

Attempting authentication for Unknown User 'testuser'

External DB [NTAuthenDLL.dll]: Starting authentication for user [testuser]

ttempting NT/2000 authentication

External DB [NTAuthenDLL.dll]: NT/2000 authentication SUCCESSFUL (by BDC-NS2)

External DB [NTAuthenDLL.dll]: Obtaining RAS information for user testuser from BDC-NS2

External DB [NTAuthenDLL.dll]: RasAdminUserGetInfo returned error 0x78

External DB [NTAuthenDLL.dll]: Failed to get RAS information for user testuser from BDC-NS2

Having some problems resolving this problem… anyone got a suggestion?

693
Views
0
Helpful
2
Replies
CreatePlease to create content